Skip to content

Commit 8aaa841

Browse files
anikdhabalanikdhabal
authored
fix: unable to edit member as a team owner/admin (calcom#25587)
* fix: unaable to edit member as owner/admin * Clean up comments in EditMemberSheet.test.tsx Removed comments explaining the fix for permissions prop. * revert
1 parent 059ca25 commit 8aaa841

5 files changed

Lines changed: 423 additions & 61 deletions

File tree

apps/web/app/(use-page-wrapper)/settings/(settings-layout)/teams/[id]/members/page.tsx

Lines changed: 8 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,11 @@ import { headers, cookies } from "next/headers";
55
import { redirect } from "next/navigation";
66

77
import { getServerSession } from "@calcom/features/auth/lib/getServerSession";
8-
import { Resource, CustomAction } from "@calcom/features/pbac/domain/types/permission-registry";
9-
import { getSpecificPermissions } from "@calcom/features/pbac/lib/resource-permissions";
8+
import { getTeamMemberPermissions } from "@calcom/features/pbac/lib/team-member-permissions";
109
import { RoleManagementFactory } from "@calcom/features/pbac/services/role-management.factory";
1110
import SettingsHeader from "@calcom/features/settings/appDir/SettingsHeader";
1211
import { PrismaAttributeRepository } from "@calcom/lib/server/repository/PrismaAttributeRepository";
1312
import { prisma } from "@calcom/prisma";
14-
import { MembershipRole } from "@calcom/prisma/enums";
1513
import { viewerTeamsRouter } from "@calcom/trpc/server/routers/viewer/teams/_router";
1614

1715
import { buildLegacyRequest } from "@lib/buildLegacyCtx";
@@ -33,7 +31,7 @@ const getCachedTeamRoles = unstable_cache(
3331
try {
3432
const roleManager = await RoleManagementFactory.getInstance().createRoleManager(organizationId);
3533
return await roleManager.getTeamRoles(teamId);
36-
} catch (error) {
34+
} catch {
3735
// PBAC not enabled or error occurred, return empty array
3836
return [];
3937
}
@@ -49,7 +47,7 @@ const getCachedTeamAttributes = unstable_cache(
4947

5048
try {
5149
return await attributeRepo.findAllByOrgIdWithOptions({ orgId: organizationId });
52-
} catch (error) {
50+
} catch {
5351
return [];
5452
}
5553
},
@@ -79,65 +77,15 @@ const Page = async ({ params }: { params: Promise<{ id: string }> }) => {
7977
const organizationId = team.parentId || teamId;
8078

8179
// Load PBAC roles and attributes if available
82-
const [roles, attributes] = await Promise.all([
80+
const [roles, attributes, memberPermissions] = await Promise.all([
8381
getCachedTeamRoles(teamId, organizationId),
8482
getCachedTeamAttributes(organizationId),
83+
getTeamMemberPermissions({
84+
userId: session.user.id,
85+
team,
86+
}),
8587
]);
8688

87-
const fallbackRolesCanListMembers: MembershipRole[] = [MembershipRole.ADMIN, MembershipRole.OWNER];
88-
89-
// If the team is not private we allow members to list other members
90-
if (!team.isPrivate) {
91-
fallbackRolesCanListMembers.push(MembershipRole.MEMBER);
92-
}
93-
94-
// Get specific PBAC permissions for team member actions
95-
const permissions = await getSpecificPermissions({
96-
userId: session.user.id,
97-
teamId: teamId,
98-
resource: Resource.Team,
99-
userRole: team.membership.role,
100-
actions: [
101-
CustomAction.Invite,
102-
CustomAction.ChangeMemberRole,
103-
CustomAction.Remove,
104-
CustomAction.ListMembers,
105-
CustomAction.ListMembersPrivate,
106-
CustomAction.Impersonate,
107-
],
108-
fallbackRoles: {
109-
[CustomAction.Invite]: {
110-
roles: [MembershipRole.ADMIN, MembershipRole.OWNER],
111-
},
112-
[CustomAction.ChangeMemberRole]: {
113-
roles: [MembershipRole.ADMIN, MembershipRole.OWNER],
114-
},
115-
[CustomAction.Remove]: {
116-
roles: [MembershipRole.ADMIN, MembershipRole.OWNER],
117-
},
118-
[CustomAction.ListMembers]: {
119-
roles: fallbackRolesCanListMembers,
120-
},
121-
[CustomAction.Impersonate]: {
122-
roles: [MembershipRole.ADMIN, MembershipRole.OWNER],
123-
},
124-
[CustomAction.ListMembersPrivate]: {
125-
roles: fallbackRolesCanListMembers,
126-
},
127-
},
128-
});
129-
130-
// Map specific permissions to member actions
131-
const memberPermissions = {
132-
canListMembers: team.isPrivate
133-
? permissions[CustomAction.ListMembersPrivate]
134-
: permissions[CustomAction.ListMembers],
135-
canInvite: permissions[CustomAction.Invite],
136-
canChangeMemberRole: permissions[CustomAction.ChangeMemberRole],
137-
canRemove: permissions[CustomAction.Remove],
138-
canImpersonate: permissions[CustomAction.Impersonate],
139-
};
140-
14189
const facetedTeamValues = {
14290
roles,
14391
teams: [team],

0 commit comments

Comments
 (0)